Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF NOVEMBER 20, 2021 SAM #7294
SOURCES SOUGHT

D -- Food Services Software VISN 20 BPA

Notice Date
11/18/2021 11:26:07 AM
 
Notice Type
Sources Sought
 
NAICS
511210 — Software Publishers
 
Contracting Office
260-NETWORK CONTRACT OFFICE 20 (36C260) VANCOUVER WA 98662 USA
 
ZIP Code
98662
 
Solicitation Number
36C26022Q0113
 
Response Due
11/30/2021 12:00:00 PM
 
Archive Date
01/29/2022
 
Point of Contact
Ross Byrne, Contracting Officer, Phone: 253-888-4922
 
E-Mail Address
ross.byrne@va.gov
(ross.byrne@va.gov)
 
Awardee
null
 
Description
SOURCES SOUGHT This is a Sources Sought Synopsis (SSS) ONLY. The U.S. Government is conducting market research only to determine the availability of qualified sources capable of providing Food Service Software. Potential Contractors are invited to provide a response via e-mail to Contract Specialist at ross.byrne@va.gov by Nov 30, 2021 12:00 pm (PT). Responses will be used to determine the appropriate strategy for a potential acquisition. Please clearly identify any information your company considers sensitive or proprietary. This notice is issued solely for information and planning purposes - it does not constitute a Request for Quotation (RFQ), or a promise to issue an RFQ in the future. This notice does not commit the U.S. Government to contract for any supply or service. Further, the U.S. Government is not seeking quotes, or proposals at this time and will not accept unsolicited quotes in response to this sources sought synopsis. The U.S. Government will not pay for any information or administrative costs incurred in response to this notice. Submittals will not be returned to the responder. Not responding to this notice does not preclude participation in any future RFQ, if any is issued. BACKGROUND: The VA Puget Sound Healthcare System, Seattle Washington, has a requirement for a Contractor to provide Housing Placement Services. Please see draft Performance Work Statement for requirements. NAICS: 511210 Interested potential Contractors please provide the following. 1) Company Name, address, point of contact, phone number, email address, and DUNS Please indicate business size: Small Disadvantage Business (SDB)____ 8(a)____ Historically Underutilized Business Zone (HUBZone)____ Service-Disabled Veteran-Owned Small Business (SDVOSB)____ Veteran-Owned Small Business (VOSB)_____ Economically Disadvantaged Women-Owned Small Business (EDWOSB)_____ Women-Owned Small Business concerns (WOSB)_____ Small Business_____ Large Business_____ Federal Supply Schedule______ 2) Please submit a brief capability statement (maximum three (3) pages) with enough information to demonstrate to the Veterans Affairs that you have the resources, personnel, software, and qualifications as required in the Draft Performance Work Statement to provide the required food services software. **Draft Performance Work Statement PERFORMANCE WORK STATEMENT (PWS) DEPARTMENT OF VETERANS AFFAIRS VISN 20 Nutrition and Food Services VISN 20 Food Services Software Date: 11/2/2021 PWS Version Number: 2.0 Contents 1.0 BACKGROUND 3 2.0 APPLICABLE DOCUMENTS 3 3.0 SCOPE OF WORK 4 4.0 PERFORMANCE DETAILS 5 4.1 PERFORMANCE PERIOD 5 4.2 PLACE OF PERFORMANCE 5 4.3 SPECIFIC TASKS AND DELIVERABLES 5 5.0 SECURITY REQUIREMENTS 7 5.1 ENTERPRISE AND IT FRAMEWORK 7 5.1.1 VA TECHNICAL REFERENCE MODEL 7 5.1.2 FEDERAL IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT (FICAM) 8 5.1.3 INTERNET PROTOCOL VERSION 6 (IPV6) 9 5.1.4 TRUSTED INTERNET CONNECTION (TIC) 10 5.1.5 STANDARD COMPUTER CONFIGURATION 10 5.1.6 VETERAN FOCUSED INTEGRATION PROCESS (VIP) 10 5.1.7 PROCESS ASSET LIBRARY (PAL) 11 5.2 METHOD AND DISTRIBUTION OF DELIVERABLES 11 5.3 FACILITY/RESOURCE PROVISIONS 11 5.4 GOVERNMENT FURNISHED PROPERTY 12 6.0 PERFORMANCE METRICS 13 ADDENDUM A ADDITIONAL VA REQUIREMENTS, CONSOLIDATED 14 ADDENDUM B VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE 19 BACKGROUND Food services software is used for the efficient management of inventory, man-power, costs, menus, ticket generation, and nutrition tracking. There is an operational need for food services software at multiple facilities in VISN 20. APPLICABLE DOCUMENTS In the performance of the tasks associated with this Performance Work Statement, the Contractor shall comply with the following as required by this contract: 44 U.S.C. § 3541-3549,  Federal Information Security Management Act (FISMA) of 2002 Federal Information Security Modernization Act of 2014 Federal Information Processing Standards (FIPS) Publication 140-2, Security Requirements For Cryptographic Modules FIPS Pub 199. Standards for Security Categorization of Federal Information and Information Systems, February 2004 FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2016 FIPS Pub 201-2, Personal Identity Verification of Federal Employees and Contractors, August 2013 VA Directive 0710, Personnel Security and Suitability Program, June 4, 2010, https://www.va.gov/vapubs/index.cfm VA Handbook 0710, Personnel Security and Suitability Program, May 2, 2016, https://www.va.gov/vapubs/index.cfm VA Directive and Handbook 6102, Internet/Intranet Services, August 5, 2019 36 C.F.R. Part 1194 Information and Communication Technology Standards and Guidelines, January 18, 2017 Office of Management and Budget (OMB) Circular A-130, Managing Federal Information as a Strategic Resource, July 28, 2016 32 C.F.R. Part 199, Civilian Health and Medical Program of the Uniformed Services (CHAMPUS) NIST SP 800-66 Rev. 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, October 2008 VA Directive 6500, VA Cybersecurity Program, January 24, 2019 VA Handbook 6500, Risk Management Framework for VA Information Systems Tier 3: VA Information Security Program, March 10, 2015 VA Handbook 6500.2, Management of Breaches Involving Sensitive Personal Information (SPI) , July 28, 2016 VA Handbook 6500.3, Assessment, Authorization, And Continuous Monitoring Of VA Information Systems, February 3, 2014 VA Handbook 6500.5, Incorporating Security and Privacy into the System Development Lifecycle , March 22, 2010 VA Handbook 6500.6, Contract Security, March 12, 2010 VA Handbook 6500.8, Information System Contingency Planning , April 6, 2011 VA Handbook 6500.11, VA Firewall Configuration , August 22, 2017 OI&T Process Asset Library (PAL), https://www.va.gov/process/ . Reference Process Maps at https://www.va.gov/process/maps.asp and Artifact templates at https://www.va.gov/process/artifacts.asp One-VA Technical Reference Model (TRM) (reference at https://www.va.gov/trm/TRMHomePage.aspx) VA Directive 6508, Implementation of Privacy Threshold Analysis and Privacy Impact Assessment, October 15, 2014 VA Handbook 6508.1, Procedures for Privacy Threshold Analysis and Privacy Impact Assessment, July 30, 2015 VA Handbook 6510, VA Identity and Access Management , January 15, 2016 VA Directive 6300, Records and Information Management, September 21, 2018 VA Handbook, 6300.1, Records Management Procedures, March 24, 2010 NIST SP 800-37 Rev 1, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, December 2018 NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations, January 22, 2015 SCOPE OF WORK The Contractor shall supply off the shelf Nutrition and Food Services Software for the medical centers within VISN 20. VISN 20 currently needs ongoing user-friendly software program to meet the needs of the Nutrition and Food Services Departments. The contractor shall provide both food service and clinical nutrition software using HL7 interface to connect to the CP3S system already in use within VISN 20, using Oracle database users and an application server to be centrally located. The database server accommodates multiple VISN 20 sites along with full autonomy of standardized data among several sites. If connection to the VA Network is required, it must first meet the approval of VISN 20 technical staff and be compliant with national VA regulations. This includes wireless equipment. Wireless equipment connecting to the VA Network must also be compatible with existing facility wireless technology. All wireless equipment and technology must be tested for security of information and interference with existing VA wireless systems. Set up activities as well as support services will be provided by Contractor initially and as needed for an annual fee. The Contractor subject matter expert (SME) will serve as a trusted advisor and an extension to the VISN 20 team with regards to Contractor software solutions as described in the task deliverables below. Vendor will agree to provide customized start up support in accordance with VISN 20 requirements. Support will include flow analysis, on-site days, and telephone support. The vendor will provide the minimum number of training days as outlined below. This can be increased if mutually agreed upon by VISN 20 and the vendor. Initiation or start-up support will also include file building of all files required to bring up the Nutrition and Food Service software package. VISN 20 will have the ability to customize the program to their needs and receive all future updates. PERFORMANCE DETAILS PERFORMANCE PERIOD The PoP shall be February 1, 2022 thru January 31, 2027. Each facility can exercise contracts as needed within this period. Standard contract will be base year, plus 4 option years. Base year may be partial year to account for start date to end of fiscal year (Sept 30). All option years will be consistent with federal government fiscal year, October 1 through September 30. PLACE OF PERFORMANCE Tasks under this PWS shall be performed in VA facilities located in VISN 20. Work may be performed at remote locations with prior concurrence from the Contracting Officer s Representative (COR). Electronic citrixaccess.va.gov at the following VISN sites: VA Puget Sound Health Care System | Seattle Division | 1660 S. Columbian Way | Seattle, WA 98108 VA Puget Sound Health Care System | American Lake Division | 9400 Veterans Drive | Tacoma, WA 98493 VA Portland Health Care System | Portland Division | 3710 SW US Veterans Hospital RD | Portland, OR 97239 VA Portland Sound Health Care System | Vancouver Division | 1601 E. 4th Plain Blvd | Vancouver, WA 98661 Jonathan M Wainwright VAMC | 77 Wainwright Drive | Walla Walla, WA 99362 Mann-Grandstaff VAMC | 4815 N Assembly St | Spokane, WA 99205 White City Rehabilitation Center and Clinics | 8495 Crater Lake Hwy | White City, OR 97503 Roseburg VA Medical Center | 913 Northwest Garden Valley Blvd | Roseburg, OR 97471 Boise VA Medical Center | 500 W Fort Street | Boise, ID 83702 Specific Tasks and Deliverables The Contractor will provide application software, support, oracle DBA Support (24x7x365), and extended (24x7) interface support services for all VISN 20 medical centers. The Contractor shall perform the following: Provide Programs and Modules Consistent with and as Requested by each VISN Location Individually. Each program and module will include delivery, training and implementation of the software. Program and modules available will include (but are not limited to): Food Service Operations Management (FOM) [Select + Pro] Nutrition Care Management (NCM) [Select + Pro] NCM/FOM Platinum Bedside Connect Room Service Connect Meal Choice Connect Multi-Site HL7 ADT/DO Interface HS Single Sign-On (Module) EMR Conversion Package Room Service (Module) EasyTouch Menu Selection (Module) Tray inMotion(Module + Elite) Nutrition Food Labeling (Module) TouchPoint Dining (Module) Video Display Board (Module) Merge (Module) Accounting (Module) Automated Menu Planning System (Module) Tube Feeding Interface Label Elite (Module) KDS Interface Standard Application Support and Subscription Service Food Services Software Product Updates for currently supported products Telephone Support during standard support hours for direct primary support regarding the use and operation of the software shall be provided via a toll-free 800 telephone number to customers from 3:00 a.m. to 6:00 p.m. (Pacific Time) for Nutrition Care Management and 6:00 a.m. to 6:00 p.m. (Pacific Time) for Foodservice Operations Management, Monday thru Friday, except for Thanksgiving Day (USA), Christmas Day, New Year s Day and July 4th. Web-based Customer Support Website Remote Support Accessibility via VPN Customer will call the support line #: 800-222-4458 option 1, during the hours of 3:00 a.m. 6:00 p.m. M-F / Pacific Time. Oracle DBA Remote Administration Veteran Administration (VA): This service provides remote Oracle database administration needs for food services software operations and includes 24x7x365 access to our staff of Certified Oracle DBAs. The following are offered as part of this service: Periodic performance analysis (upon request) Oracle emergency support Resolving all serious Oracle alert log messages Team Support from Professional DBAs Oracle software upgrades and migrations Backup and Recovery support Immediate response to any database emergency Same Day response to any database non-emergency Performance tuning and space optimization available on an as needed basis Access to My Oracle Support (upon request) Extensive HS Admin and HS Auto Maintenance Support Our Requirements Access to local help desk (per region) Current Oracle Technical Support Contract WebEx connection to Oracle database servers (upon request) In regard to Oracle licensing, this service can still be provided with the caveat that Contractor will not be able to contact Oracle directly. It is the responsibility of the license holder to contact Oracle, open any support tickets, and communicate any relevant information to Contractors DBA s to resolve issue Customer will call support line #: To Be Provided Enhanced 24x7 Interface Support: Interface Application Support is related to the specific features and functionality of food services software interface applications. This support level covers the actual use of the food services software application and remediation of problems that arise within the software. Update installation support is covered under this support level, as are data problem identification, and general system use. Telephone Break/Fix Support 24x7 Remote Support Accessibility via VPN Customer will call support line #: To Be Provided SECURITY REQUIREMENTS ENTERPRISE AND IT FRAMEWORK VA TECHNICAL REFERENCE MODEL The Contractor shall support the VA enterprise management framework. In association with the framework, the Contractor shall comply with OI&T Technical Reference Model (VA TRM). The VA TRM is one component within the overall Enterprise Architecture (EA) that establishes a common vocabulary and structure for describing the information technology used to develop, operate, and maintain enterprise applications. Moreover, the VA TRM, which includes the Standards Profile and Product List, serves as a technology roadmap and tool for supporting OI&T. Architecture & Engineering Services (AES) has overall responsibility for the VA TRM. FEDERAL IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT (FICAM) The Contractor shall ensure Commercial Off-The-Shelf (COTS) product(s), software configuration and customization, and/or new software are Personal Identity Verification (PIV) card-enabled by accepting HSPD-12 PIV credentials using VA Enterprise Technical Architecture (ETA), https://www.ea.oit.va.gov/EAOIT/VA_EA/Enterprise_Technical_Architecture.asp, and VA Identity and Access Management (IAM) approved enterprise design and integration patterns, https://www.oit.va.gov/library/recurring/edp/index.cfm. The Contractor shall ensure all Contractor delivered applications and systems comply with the VA Identity, Credential, and Access Management policies and guidelines set forth in the VA Handbook 6510 and align with the Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance v2.0. The Contractor shall ensure all Contractor delivered applications and systems provide user authentication services compliant with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3, VA Handbook 6500 Appendix F, VA System Security Controls , and VA IAM enterprise requirements for direct, assertion based authentication, and/or trust based authentication, as determined by the design and integration patterns. Direct authentication at a minimum must include Public Key Infrastructure (PKI) based authentication supportive of PIV card and/or Common Access Card (CAC), as determined by the business need. The Contractor shall ensure all Contractor delivered applications and systems conform to the specific Identity and Access Management PIV requirements set forth in the Office of Management and Budget (OMB) Memoranda M-04-04, M-05-24, M-11-11, and NIST Federal Information Processing Standard (FIPS) 201-2. OMB Memoranda M-04-04, M-05-24, and M-11-11 can be found at: https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/omb/memoranda/fy04/m04-04.pdf, https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/omb/memoranda/fy2005/m05-24.pdf, and https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf respectively. Contractor delivered applications and systems shall be on the FIPS 201-2 Approved Product List (APL). If the Contractor delivered application and system is not on the APL, the Contractor shall be responsible for taking the application and system through the FIPS 201 Evaluation Program. The Contractor shall ensure all Contractor delivered applications and systems support: Automated provisioning and are able to use enterprise provisioning service. Interfacing with VA s Master Veteran Index (MVI) to provision identity attributes, if the solution relies on VA user identities. MVI is the authoritative source for VA user identity data. The VA defined unique identity (Secure Identifier [SEC ID] / Integrated Control Number [ICN]). Multiple authenticators for a given identity and authenticators at every Authenticator Assurance Level (AAL) appropriate for the solution. Identity proofing for each Identity Assurance Level (IAL) appropriate for the solution. Federation for each Federation Assurance Level (FAL) appropriate for the solution, if applicable. Two-factor authentication (2FA) through an applicable design pattern as outlined in VA Enterprise Design Patterns. A Security Assertion Markup Language (SAML) implementation if the solution relies on assertion based authentication. Additional assertion implementations, besides the required SAML assertion, may be provided as long as they are compliant with NIST SP 800-63-3 guidelines. Authentication/account binding based on trusted Hypertext Transfer Protocol (HTTP) headers if the solution relies on Trust based authentication. Role Based Access Control. Auditing and reporting capabilities. Compliance with VIEWS 00155984, PIV Logical Access Policy Clarification https://www.voa.va.gov/DocumentView.aspx?DocumentID=4896. The required Assurance Levels for this specific effort are Identity Assurance Level 3, Authenticator Assurance Level 3, and Federation Assurance Level 3. INTERNET PROTOCOL VERSION 6 (IPV6) The Contractor solution shall support the latest Internet Protocol Version 6 (IPv6) based upon the directives issued by the Office of Management and Budget (OMB) on August 2, 2005 (https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/omb/memoranda/fy2005/m05-22.pdf) and September 28, 2010 (https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/transition-to-ipv6.pdf). IPv6 technology, in accordance with the USGv6 Profile, NIST Special Publication (SP) 500-267 (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-267.pdf), the Technical Infrastructure for USGv6 Adoption (https://www.nist.gov/programs-projects/usgv6-program), and the NIST SP 800 series applicable compliance (https://csrc.nist.gov/publications/sp) shall be included in all IT infrastructures, application designs, application development, operational systems and sub-systems, and their integration. In addition to the above requirements, all devices shall support native IPv6 and/or dual stack (IPv6 / IPv4) connectivity without additional memory or other resources being provided by the Government, so that they can function in a mixed environment. All public/external facing servers and services (e.g. web, email, DNS, ISP services, etc.) shall support native IPv6 and/or dual stack (IPv6/ IPv4) users and all internal infrastructure and applications shall communicate using native IPv6 and/or dual stack (IPv6/ IPv4) operations. Guidance and support of improved methodologies which ensure interoperability with legacy protocol and services in dual stack solutions, in addition to OMB/VA memoranda, can be found at: https://www.voa.va.gov/documentlistpublic.aspx?NodeID=282. TRUSTED INTERNET CONNECTION (TIC) The Contractor solution shall meet the requirements outlined in Office of Management and Budget Memorandum M08-05 mandating Trusted Internet Connections (TIC) (https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/omb/memoranda/fy2008/m08-05.pdf), M08-23 mandating Domain Name System Security (NSSEC) (https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/omb/memoranda/fy2008/m08-23.pdf), and shall comply with the Trusted Internet Connections (TIC) Reference Architecture Document, Version 2.0 https://www.dhs.gov/sites/default/files/publications/TIC_Ref_Arch_v2.2_2017.pdf. STANDARD COMPUTER CONFIGURATION The Contractor IT end user solution that is developed for use on standard VA computers shall be compatible with and be supported on the standard VA operating system, currently Windows 10 (64bit), Internet Explorer 11 and Office 365 ProPlus.  Applications delivered to VA and intended to be deployed to Windows 10 workstations shall be delivered as a signed .msi package with switches for silent and unattended installation and updates shall be delivered in signed .msp file formats for easy deployment using System Center Configuration Manager (SCCM) VA s current desktop application deployment tool.  Signing of the software code shall be through a vendor provided certificate that is trusted by VA using a code signing authority such as Verizon/Cybertrust or Symantec/VeriSign.  The Contractor shall also ensure and certify that their solution functions as expected when used from a standard VA computer, with non-admin, standard user rights that have been configured using the United States Government Configuration Baseline (USGCB) and Defense Information Systems Agency (DISA) Secure Technical Implementation Guide (STIG) specific to the particular client operating system being used. VETERAN FOCUSED INTEGRATION PROCESS (VIP) The Contractor shall support VA efforts IAW the Veteran Focused Integration Process (VIP). VIP is a Lean-Agile framework that services the interest of Veterans through the efficient streamlining of activities that occur within the enterprise. The VIP Guide can be found at https://www.voa.va.gov/DocumentView.aspx?DocumentID=4371. The VIP framework creates an environment delivering more frequent releases through a deeper application of Agile practices. In parallel with a single integrated release process, VIP will increase cross-organizational and business stakeholder engagement, provide greater visibility into projects, increase Agile adoption and institute a predictive delivery cadence. VIP is now the single authoritative process that IT projects must follow to ensure development and delivery of IT products PROCESS ASSET LIBRARY (PAL) The Contractor shall perform their duties consistent with the processes defined in the OIT Process Asset Library (PAL).  The PAL scope includes the full spectrum of OIT functions and activities, such as VIP project management, operations, service delivery, communications, acquisition, and resource management. PAL serves as an authoritative and informative repository of searchable processes, activities or tasks, roles, artifacts, tools and applicable standards and guides to assist the OIT workforce, Government and Contractor personnel. The Contractor shall follow the PAL processes to ensure compliance with policies and regulations and to meet VA quality standards.  The PAL includes the contractor onboarding process consistent with Section 6.2.2 and can be found at https://www.va.gov/PROCESS/artifacts/maps/process_CONB_ext.pdf. The main PAL can be accessed at www.va.gov/process. METHOD AND DISTRIBUTION OF DELIVERABLES The Contractor shall deliver documentation in electronic format, unless otherwise directed in Section B of the solicitation/contract FACILITY/RESOURCE PROVISIONS The Government will provide office space, telephone service and system access when authorized contract staff work at a Government location as required in order to accomplish the Tasks associated with this PWS. All procedural guides, reference materials, and program documentation for the project and other Government applications will also be provided on an as-needed basis. The Contractor shall request other Government documentation deemed pertinent to the work accomplishment directly from the Government officials with whom the Contractor has contact. The Contractor shall consider the COR as the final source for needed Government documentation when the Contractor fails to secure the documents by other means. The Contractor is expected to use common knowledge and resourcefulness in securing all other reference materials, standard industry publications, and related materials that are pertinent to the work. VA may provide remote access to VA specific systems/network in accordance with VA Handbook 6500, which requires the use of a VA approved method to connect external equipment/systems to VA s network. Citrix Access Gateway (CAG) is the current and only VA approved method for remote access users when using or manipulating VA information for official VA Business. VA permits CAG remote access through approved Personally Owned Equipment (POE) and Other Equipment (OE) provided the equipment meets all applicable 6500 Handbook requirements for POE/OE. All of the security controls required for Government furnished equipment (GFE) must be utilized in approved POE or OE. The Contractor shall provide proof to the COR for review and approval that their POE or OE meets the VA Handbook 6500 requirements and VA Handbook 6500.6 Appendix C, herein incorporated as Addendum B, before use. CAG authorized users shall not be permitted to copy, print or save any VA information accessed via CAG at any time. VA prohibits remote access to VA s network from non-North Atlantic Treaty Organization (NATO) countries. The exception to this are countries where VA has approved operations established (e.g. Philippines and South Korea). Exceptions are determined by the COR in coordination with the Information Security Officer (ISO) and Privacy Officer (PO). This remote access may provide access to VA specific software such as Veterans Health Information System and Technology Architecture (VistA), ClearQuest, PAL, Primavera, and Remedy, including appropriate seat management and user licenses, depending upon the level of access granted. The Contractor shall utilize government-provided software development and test accounts, document and requirements repositories, etc. as required for the development, storage, maintenance and delivery of products within the scope of this effort.  The Contractor shall not transmit, store or otherwise maintain sensitive data or products in Contractor systems (or media) within the VA firewall IAW VA Handbook 6500.6 dated March 12, 2010. All VA sensitive information shall be protected at all times in accordance with VA Handbook 6500, local security field office System Security Plans (SSP s) and Authority to Operate (ATO) s for all systems/LAN s accessed while performing the tasks detailed in this PWS. The Contractor shall ensure all work is performed in countries deemed not to pose a significant security risk. For detailed Security and Privacy Requirements (additional requirements of the contract consolidated into an addendum for easy reference) refer to ADDENDUM A ADDITIONAL VA REQUIREMENTS, CONSOLIDATED and ADDENDUM B - VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE. GOVERNMENT FURNISHED PROPERTY The Government has multiple remote access solutions available to include Citrix Access Gateway (CAG), Site-to-Site Virtual Private Network (VPN), and RESCUE VPN.  The Government provides all existing hardware Application / database servers, Workstations (PCs) and peripheral devices. PERFORMANCE METRICS The table below defines the Performance Standards and Acceptable Levels of Performance associated with this effort. Performance Objective Performance Standard Acceptable Levels of Performance Technical / Quality of Product or Service Demonstrates understanding of requirements Efficient and effective in meeting requirements Meets technical needs and mission requirements Provides quality services/products Satisfactory or higher Project Milestones and Schedule Established milestones and project dates are met Products completed, reviewed, delivered in accordance with the established schedule Notifies customer in advance of potential problems Satisfactory or higher Cost & Staffing Currency of expertise and staffing levels appropriate to perform tasks required Personnel possess necessary knowledge, skills and abilities to perform tasks Satisfactory or higher Management Integration and coordination of all activities to execute effort Satisfactory or higher The COR will utilize a Quality Assurance Surveillance Plan (QASP) throughout the life of the contract to ensure that the Contractor is performing the services required by this PWS in an acceptable level of performance. The Government reserves the right to alter or change the surveillance methods in the QASP at its own discretion. ADDENDUM A ADDITIONAL VA REQUIREMENTS, CONSOLIDATED Cyber and Information Security Requirements for VA IT Services The Contractor shall ensure adequate LAN/Internet, data, information, and system security in accordance with VA standard operating procedures and standard PWS language, conditions, laws, and regulations.  The Contractor s firewall and web server shall meet or exceed VA minimum requirements for security.  All VA data shall be protected behind an approved firewall.  Any security violations or attempted violations shall be reported to the VA Program Manager and VA Information Security Officer as soon as possible.  The Contractor shall follow all applicable VA policies and procedures governing information security, especially those that pertain to certification and accreditation. Contractor supplied equipment, PCs of all types, equipment with hard drives, etc. for contract services must meet all security requirements that apply to Government Furnished Equipment (GFE) and Government Owned Equipment (GOE).  Security Requirements include:  a) VA Approved Encryption Software must be installed on all laptops or mobile devices before placed into operation, b) Bluetooth equipped devices are prohibited within VA; Bluetooth must be permanently disabled or removed from the device, unless the connection uses FIPS 140-2 (or its successor) validated encryption, c) VA approved anti-virus and firewall software, d) Equipment must meet all VA sanitization requirements and procedures before disposal.  The COR, CO, the PM, and the Information Security Officer (ISO) must be notified and verify all security requirements have been adhered to. Each documented initiative under this contract incorporates VA Handbook 6500.6, Contract Security, March 12, 2010 by reference as though fully set forth therein. The VA Handbook 6500.6, Contract Security shall also be included in every related agreement, contract or order.  The VA Handbook 6500.6, Appendix C, is included in this document as Addendum B. Training requirements: The Contractor shall complete all mandatory training courses on the current VA training site, the VA Talent Management System (TMS) 2.0, and will be tracked therein. The TMS 2.0 may be accessed at https://www.tms.va.gov/SecureAuth35/ . If you do not have a TMS 2.0 profile, go to https://www.tms.va.gov/Se...
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/b9de1bf8771b4e13b102a83a8b442380/view)
 
Place of Performance
Address: Department of Veterans Affairs VISN 20 Facilities, USA
Country: USA
 
Record
SN06181123-F 20211120/211118230129 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.